Posted
by
EditorDavid
on Saturday February 11, 2017 @06:34PM
from the this-phone-will-self-destruct-in-five-seconds dept.

drunkdrone quotes the International Business Times: Self-destructing gadgets favored by the likes of James Bond and Mission: Impossible's Ethan Hunt have taken one step closer to reality. Researchers in Saudi Arabia have developed a mechanism that, when triggered, can destroy a smartphone or other electronic device in as little as 10 seconds. The self-destruct mechanism has been created by electrical engineers at the King Abdulla University of Science and Technology and consists of a polymer layer that rapidly expands when subjected to temperatures above 80 degrees Celsius, effectively bursting the phone open from the inside. The mechanism can be adapted to be triggered in various ways, including remotely through a smartphone app or when it's subjected to pressure.

Once triggered, power from the device's battery is directed to electrodes that rapidly heat, causing the polymer layer to expand to around seven times its original size within 10-15 seconds. This crushes the vital components inside the device, destroying any information stored on board.
One engineer believes the phone will see adoption in the intelligence and financial communities, though it can also be retrofitted to existing phones for just $15. This raises an interesting question -- would you want a self-destructing phone?

I think causing the phone to explode is more reliable. I have doubts that simply crushing the phone can reliability destroy the flash memory.

If they've got 10-15 seconds for the phone to self-destruct, that ought to be enough time to overwrite the memory a jillion times before it finally destructs.In fact, would they even need to destruct it if they overwrote the memory for 15 seconds?

Conversely, if I let the cops take my phone and then later it detonates inside the police station, then it has become a terrorist IED. And I have become a terrorist instead of a private citizen wishing to maintain privacy.

I could easily see folks setting a timer if they don't log in every day or week and given any bureaucracy (unavoidable when tracking items) and given on-going current investigations, the phone isn't going to be examined withn 72 hours.

The real question isn't if you want one but if it would be legal. If the cops pull you over and you destroy your phone will that be considered destroying evidence? Will the government outlaw it? If they were unhappy with unhackable iPhones they're gonna go ape over this.

It doesn't sound like this is a fire hazard, I don't see any reason why you couldn't take it on a plane. You're right about the dead man's switch though - that does seem like the only way that you could plausibly get away with destroying evidence like that. I don't know why the parent even asked that question, of course it's destroying evidence if the cops pull you over and then you... destroy evidence.

On how long for this technology to be declared illegal for civilian ownership in the United States

It should be illegal because this thing is effectively a remotely activated road flare that people keep in their pocket. Also, it's retarded because it's the least effective way to destroy information! Honestly, it doesn't take much to release the "magic blue smoke" from ICs (hobbyists do it all the time) which really destroys information so this is just needlessly dangerous.

Does that guys really can think it is much more practical to destroy all data in memory chips(even it might burn all semiconductors in chips, without physical outer damage) , and just such way will render phone useless , or they can't think out of scope "exploding suicidal phone"?

Excuse me? You're trying to crush a chunk of silicon wrapped in epoxy (a flash chip) using reaction force generated by a case designed to be as thin and light as possible and not designed to withstand internal pressure?

Every security measure has to be compared to the particular threat you're worried about. A system that renders a phone non-functional would thwart local or even provincial police, but not an entiity which possesses "national means". Or an engineering school with EE labs.

So the self-destructing phone is not entirely ridiculous when looked at this way. However, you also have to compare a security measure against other means of accomplishing the same thing, and that's where the self-destructing phone looks ridiculous. Apple's approach is much more effective, but less dramatic.

Exactly. It doesn't make sense to try and crush the components... that likely won't destroy the flash storage, anyway.

The only thing that needs to be destroyed is the storage. So design the storage so it can be zapped. When triggered, have the batteries zap it with a a stepped up voltage. No explosion. No crush. No fire. No noise. Not even visible to others. Just zapped storage. Problem solved- phone is permanently bricked.

I thought that was a good idea, but one thing that goes wrong is that you need an, at least, semi-charged battery to pull this off. I reckon the common use cases for something like this actually see a lot of value in being able to burn a dead phone without having to find a battery for it first. Makes me wonder if an analog solution would be preferred.

No, the only thing that needs to be destroyed is the data. So use full-disk encryption and your kill switch is simply to overwrite the key, which can be done in milliseconds and doesn't need any new hardware. Or, if you are really paranoid about being able to recover the key, store the key separately (e.g. Apple's secure enclave), and just destroy that. No need to try to destroy the whole storage system physically.

I have destroyed flash chips with a hammer as additional security-measure for critical data from a customer. Turns out you need a _lot_ of force and you need to hit just right. Think anvil on one side and hammer on the other. This thing will not work.

I could think of a number of mechanical means to destroy a chip; a Poseidon vise, cables that you wind until they tighten, perhaps creating the substrate on a chip that has a layered meta-material that expands at different rates when a current is applied, forcing the chip to shatter as it curved.

The problem is with the word "crush". The silicon is stuck to the polymer, so when it expands it gets pulled apart, not crushed:

The expandable polymer expands much more and causes sufficient tension in the thin silicon — which is sitting on top of the polymer — so it simply crumples and then breaks.

This is pretty much what happens when IC's undergo thermal failure. The silicon, epoxy, copper, etc. expand at different rates, and since they are bonded together, the chip eventually rips itself apart.

I do agree that while it might be effective at making the IC non-functional, it's doubtful whether the information within can be destroyed reliably this way.

I don't understand the need for some sort of special polymer layer or whatever... if you wanna make something that's either automated or dependant of some sort of command, just make a needle module to puncture the Li-po battery.Perhaps they wanted to avoid the Samsung lawsuit? xD

This crushes the vital components inside the device, destroying any information stored on board.

I doubt that last part rather strongly. A local police department may be stumbled getting the child porn out of a phone so destroyed, but an FBI lab will have no problem.

I thought, they'll release a drop of special acid onto the memory chip. But 80 degrees Celsius is not all that hot... Overclockers, supposedly, go up to 85 [overclock.net] before their computers crash. The memory ought to avoid permanent damage at even higher temperatures.

The real problem is buying a phone or a SIM that's not registered in your name. Since most governments archive the communications anyway, destroying the device accomplishes nothing except to give you away.

Now to destroy the device in a visible way may have some value, but wouldn't it be more reliable to simply put some thermite around the memory modules so as to destroy the memristors beyond recovery without having the phone expand into an ugly wad of polymer?

I don't know about you, but I'd be very reluctant to have one of those phones in my hand when the thermite went off; that stuff is hot! Maybe it would be better to embed a coil of wire in the memory's casing and have the self destruct short the battery through it, both EMPing the memory and draining the phone's power. That way, they'll have to recharge the phone before they find out that the evidence is gone while you're making complaints about them holding you without good reason and demanding to see you

That's a good point, but the thermite need not apply extreme heat to the entire device -- just the flash memory chip. A strip of magnesium with oxidizer might also do the job -- both could be adjusted so that the user sees just a bit of smoke coming out of the phone, without personal injury. See section 3.1.2 in this document [ti.com] about the relation of temperature to data retention.

Shorting out the battery through a coil around the memory chip is likely to make it hot but not necessarily hot enough to truly

I'm thinking some idiot would carry it in, ignoring any safety restrictions, and possibly cause an explosion.

That can be said about any number of devices. Frankly this isn't a worry for me (I work in this field). The number of things which could potentially create an ignition are mind-boggling. It's up to companies to enforce a restriction policy. Admittedly some are bad at this, but then it won't be this device which causes their plant to explode.

Because every day thousands of devices that have a potential to ignite an atmosphere are released, and the entire industry has responded to this through white listing making the addition of this one to the market the biggest non-event in the industry.

Because every day thousands of devices that have a potential to ignite an atmosphere are released, and the entire industry has responded to this through white listing making the addition of this one to the market the biggest non-event in the industry.

And every day people ignore the whitelist and the safety rules either through ignorance or because they just don't care.

If this thing ever sees the light of day it'll only be a matter of time until something goes wrong, either by accident or through malicious activity.

I'm not against it per se, I'm just calling it as I see it. Everything gets misused.

And every day people ignore the whitelist and the safety rules either through ignorance or because they just don't care.

If this thing ever sees the light of day it'll only be a matter of time until something goes wrong, either by accident or through malicious activity.

I'm not against it per se, I'm just calling it as I see it. Everything gets misused.

To be clear are you talking about malicious people, or do you actually think that 1000000000 possible pieces of equipment which aren't certified for use in hazardous areas changing to 1000000001 is going to make such a huge difference.

By the way ignoring hazardous area rules on any sites I've worked on is grounds for immediate disciplinary action, and I work on some pretty lax sites, I know some in the USA where it's grounds for immediate dismissal. Claiming that people willfully ignore hazardous area requi

And this is exactly how this kind of thing manages to occur- because the people who are in charge (like you) dismiss the idea as not worth worrying about.

Oh no it's worth worrying about which is why we strictly control it.

What's not worth worrying about is this specific case of a single increase in exposure due to a niche product being brought in which if it were brought in by accident would likely only supplement another product with similar damaging potential being brought in by the same person, and which if brought in maliciously would be incredibly ill-conceived and frankly this would lower the risk to the site compared to any number of damaging things s

Unless you really enjoy buying replacement hardware; the need to have battery power in order to trigger the kill switch is a problem. If you don't configure the device to self-destruct when its battery is on the verge of no longer having enough energy to perform a self destruct; all the attacker has to do is run the battery down. If you do configure it that way, forgetting to put it on the charger could get expensive and tedious rather fast(in addition to the various other issues that can interrupt battery power: overtemp protection kicking in in a hot car; current delivery capability falling under freezing conditions, etc.)

Plus, the battery, and its connection to the logic boards, tend to be among the larger and more obvious parts of a modern electronic widget. That makes them good candidates for controlled disconnection/destruction, even if you can't open the case without tripping some sort of anti-tamper mechanism.

Finding a good self-destruct temperature is also a bit tricky. The lower you go, the closer you get to the high end of normal operating conditions or the 'device won't operate; but should not be permanently damaged' range. 80 degrees is high for flash memory; but most CPUs will be happy enough to run that hot. The higher you go; the more power you need to be able to deliver to kick off the destruction; and the more vulnerable you are to an attacker who is able to apply coolant to slow you down; limit current or voltage delivered to the resistive heater, or both.

All valid points. But the killer is that the designers of this thing are obviously completely clueless on how to securely erase data from flash. They just went for "spectacular" and completely overlooked "effective".

When you look at it, as soon as you have some power, the simple, clean and effective way is this: Erase a crypto-key from RAM that was used to encrypt anything important. Nothing more is needed. Noting is more secure. And yet, you cannot buy phones with that. Why? Because the whole idea does not work.

I don't think so. Unless you hammer flash-memory into a fine powder, no deletion is taking place with purely mechanical approaches. And unless you have a very sturdy shell around the phone, a flash-chip may not even suffer any damage at all as it requires a _lot_ of force to crack the casing.

It'd be nice if it didn't Samsung the battery, but ultimately I'd rather the data on the phone be destroyed, rather than the display and casing. I'm okay if the chips are rendered inoperable as well, but the primary target of self-destruct capability need to be the data, not the device.

I'd be willing to wait ~.5 - 1 second for a cap to build up to charge and trigger.

Nearly every iPhone I have owned self destructed. The glass broke because it looked at it funny. The battery would become weak as a kitten because I abused it by actually charging and then using it. The touch sensor would start to ignore me. The sound regularly would go to crap. And with every OS upgrade on a slightly older model the phones would take another step toward the edge.

Twenty years ago we were doing remote software updates, an early step of which was to erase existing flash. It would essentially make the device self destructed if we'd have stopped there. Doing any more is kinda pointless unless you really need to see smoke come out.

We don't need destructing phones. We need to destroy the financial sector instead.

Yep... That'll take care of the phones too. As well as cars, transport, urban sprawl, light pollution, pollution, police abuses, police, and Electoral College. All the evil [dailykos.com] known personally to today's humans, in other words.